CVE-2026-0719: A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication....

Description

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.

Metrics

CVSS 3.1

8.6/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS Probability

0.56%

42.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-121

References

Timeline

Published: Jan 8, 2026
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2026-0719?

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.

How severe is CVE-2026-0719?

CVE-2026-0719 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 0.56% probability of exploitation in the next 30 days.

How do I fix CVE-2026-0719?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.